cobbler project

Top products

The 12 most recently published vulnerabilities affecting cobbler project.

• CVE-2024-47533Cobbler allows anyone to connect to cobbler XML-RPC server with a known password and make changes9.8Nov 18, 2024
• CVE-2022-0860Improper Authorization in cobbler/cobbler9.1Mar 11, 2022
• CVE-2021-45083An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-priv...7.1Feb 20, 2022
• CVE-2021-45081An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS.5.9Feb 20, 2022
• CVE-2021-45082An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substri...7.8Feb 18, 2022
• CVE-2021-40325Cobbler before 3.3.0 allows authorization bypass for modification of settings.7.5Oct 4, 2021
• CVE-2021-40324Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data.7.5Oct 4, 2021
• CVE-2021-40323Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.9.8Oct 4, 2021
• CVE-2016-9605A flaw was found in cobbler software component version 2.6.11-1. It suffers from an invalid parameter validation vulnerability, leading the arbitrary file reading. The flaw is triggered by navigati...6.1Aug 22, 2018
• CVE-2018-10931It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobble...9.8Aug 9, 2018
• CVE-2017-1000469Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user.9.8Jan 3, 2018
• CVE-2011-4953The set_mgmt_parameters function in item.py in cobbler before 2.2.2 allows context-dependent attackers to execute arbitrary code via vectors related to the use of the yaml.load function instead of ...6.8Oct 27, 2014